Enhanced OAuth security for SSH keys

We just added more granular permissions so third party applications can specifically request read-only access, read/write access, or full admin access to your public SSH keys.

You’re in control

As always, when an application requests access to your account, you get to decide whether to grant that access or not.

screen shot 2014-02-24 at 4 16 32 pm

Revoke with ease

In addition to these finer-grained permissions, we’re also making it easier to revoke SSH access to your data. If an OAuth application creates an SSH key in your account, we’ll automatically delete that key when you revoke the application’s access.

0123998e-9052-11e3-8c2a-7e024c50f7c1

To help you track security events that affect you, we’ll still email you any time a new key is added to your account. And of course, you can audit and delete your SSH keys any time you like.

You can read about the new changes in more detail on the GitHub Developer site.

Tags:

Improving Git protocol security on GitHub Enterprise Server

The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.

Brian Carlson

Improving Git protocol security on GitHub

We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.

Matt Cooper & Brian Carlson

Security keys are now supported for SSH Git operations

GitHub has been at the forefront of security key adoption for many years. We were an early adopter of Universal 2nd Factor ("U2F") and were also one of the first…

Kevin Jones

Explore more from GitHub